<?php
	session_start();
	if($_SESSION['login'] == 1 && $_SESSION['sessionid'] == session_id()) {
		header("Location: home.php");
		exit;
	}
	
	include("include/layout.php");
	include("include/class.mysql.php");

	html_start();
?>
				<h2>Login</h2>
				<span class="conin">
					<form action="<?=$_SERVER['PHP_SELF'];?>" method="post">
						<fieldset classe="login_form">
						<table>
							<tr>
								<td><?=LANG_USER;?>:</td>
								<td><input type="text" name="uname" id="uname" class="input" /></td>
							</tr>
							<tr>
								<td><?=LANG_PASS;?>:</td>
								<td><input type="password" name="pword" id="pword" class="input" /></td>
							</tr>
							<tr>
								<td><?=LANG_LANG;?>:</td>
								<td><select name="language"><option value="<?=LANG;?>"><?=LANG;?></option>
								<?php
									$odir = opendir("./include");

									while($file = readdir($odir)) {
										$la = explode(".", $file);

										print $la;
									
										if($la[1] !== LANG && $la[0] == "lang") {
											print "<option value=\"" . $la[1] . "\">" . $la[1] . "</option>";
										}
									}
									closedir($odir);
								?></td>
							</tr>
							<tr>
								<td></td>
								<td><input type="submit" name="sub" class="sub" value="<?=LANG_LOGON;?>" onClick="loginiJab();"/></td>
								
							</tr>
						</table>
						</fieldset>
					</form>
					<?php
						sleep(1);
						if(isset($_POST['sub'])) {
							$uname = $_POST['uname'];
							$pword = md5($_POST['pword']);
							$language = $_POST['language'];
							
							$inv = "<b>" . LANG_INVLOGIN . ":</b> ";

							if(empty($uname) || empty($pword)) {
								print $inv . LANG_VALLOGIN;
							}

							else {

								$MySQL->conn();

								$sql = mysql_query("SELECT id FROM " . DB_PREFIX . "users WHERE uname = '$uname' AND pword = '$pword'") or die(mysql_error());
								$num = mysql_num_rows($sql);
								$sql2 = mysql_query("SELECT priv FROM " . DB_PREFIX . "users WHERE uname = '$uname' AND pword = '$pword'");
								$privi = mysql_fetch_row($sql2);
								$privi = $privi[0];
								$sql3 = mysql_query("SELECT user_group FROM " . DB_PREFIX . "users WHERE uname = '$uname' AND pword = '$pword'") or die(mysql_error());
								$group = mysql_fetch_row($sql3);
								$group = $group[0];
								$sql4= mysql_query("SELECT id FROM " . DB_PREFIX . "users WHERE uname = '$uname' AND pword = '$pword'") or die(mysql_error());
								$self = mysql_fetch_row($sql4);
								$self = $self[0];
								$MySQL->close();

								if($num == 1) {
									$_SESSION['login'] = 1;
									$_SESSION['user'] = $uname;
									$_SESSION['lang'] = $language;
									$_SESSION['priv'] = $privi;
									$_SESSION['sessionid'] = session_id();
									$_SESSION['group'] = $group;
									$_SESSION['self'] = $self;
									print LANG_LOGGING . "...";
									print "<meta http-equiv=\"refresh\" content=\"1;url=home.php\" />";
								}

								else {
									print $inv . LANG_WRONG;
								}
							}
						}
					?>
				</span>
<?php
	html_end();
?>
